Backdoor.Tidserv!in - wie werde ich diesen Trojaner los? |
||
---|---|---|
#0
| ||
30.03.2010, 16:50
Member
Beiträge: 12 |
||
|
||
30.03.2010, 17:04
Member
Beiträge: 3716 |
||
|
||
31.03.2010, 10:24
Member
Themenstarter Beiträge: 12 |
#3
Mach ich, das lustige im momentan nur dass ich am PC kaum mehr arbeiten kann, da der Virus auch mein Norton 360 lahm gelegt hat. Das Antivirentool lässt sich nicht mehr aktivieren.
|
|
|
||
31.03.2010, 12:08
Member
Themenstarter Beiträge: 12 |
#4
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org Datenbank Version: 3930 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 31.03.2010 12:08:03 mbam-log-2010-03-31 (12-08-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 110867 Laufzeit: 14 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Paul\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. |
|
|
||
31.03.2010, 15:08
Member
Themenstarter Beiträge: 12 |
#5
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-31 15:01:33 Windows 6.0.6002 Service Pack 2 Running: dzjjqic4.exe; Driver: C:\Users\Paul\AppData\Local\Temp\ugrdipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8AFCBEEE] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8AFCC0E0] SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x8B06BBD6] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8AFCC2E8] INT 0x52 ? 8716FF00 INT 0x62 ? 8716FF00 INT 0x72 ? 86137BF8 INT 0x82 ? 86137BF8 INT 0x92 ? 8613BBF8 INT 0xA3 ? 8716FF00 INT 0xB2 ? 8716FF00 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 209 82AF096C 8 Bytes [EE, BE, FC, 8A, E0, C0, FC, ...] .text ntkrnlpa.exe!KeSetEvent + 621 82AF0D84 4 Bytes [D6, BB, 06, 8B] .text ntkrnlpa.exe!KeSetEvent + 6E5 82AF0E48 4 Bytes CALL 3E3A0B0F ? System32\Drivers\spqa.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 8F90441B 5 Bytes JMP 8716F4E0 .text ari8f48z.SYS 8FC65000 22 Bytes [82, 83, A1, 82, 6C, 82, A1, ...] .text ari8f48z.SYS 8FC65017 106 Bytes [00, 32, 37, 7A, 80, 3D, 35, ...] .text ari8f48z.SYS 8FC65082 74 Bytes [A5, 82, E7, 20, A5, 82, C6, ...] .text ari8f48z.SYS 8FC650CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...] .text ari8f48z.SYS 8FC650DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...] .text ... ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806996D6] \SystemRoot\System32\Drivers\spqa.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80699042] \SystemRoot\System32\Drivers\spqa.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80699800] \SystemRoot\System32\Drivers\spqa.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806990C0] \SystemRoot\System32\Drivers\spqa.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069913E] \SystemRoot\System32\Drivers\spqa.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A8E9C] \SystemRoot\System32\Drivers\spqa.sys IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortNotification] CC000CC2 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortMoveMemory] 00012284 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0 IAT \SystemRoot\System32\Drivers\ari8f48z.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73897817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [738EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7389BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7388F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [738975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7388E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [738C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7389DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7388FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7388FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [738871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7391CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [738BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7388D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73886853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7388687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1132] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73892AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8613D1F8 AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 861391F8 Device \Driver\usbuhci \Device\USBPDO-0 86F051F8 Device \Driver\usbuhci \Device\USBPDO-1 86F051F8 Device \Driver\usbehci \Device\USBPDO-2 86F061F8 Device \Driver\usbuhci \Device\USBPDO-3 86F051F8 Device \Driver\usbuhci \Device\USBPDO-4 86F051F8 Device \Driver\usbuhci \Device\USBPDO-5 86F051F8 Device \Driver\usbehci \Device\USBPDO-6 86F061F8 Device \Driver\volmgr \Device\HarddiskVolume1 861391F8 Device \Driver\volmgr \Device\HarddiskVolume2 861391F8 Device \Driver\cdrom \Device\CdRom0 86FB91F8 Device \Driver\volmgr \Device\HarddiskVolume3 861391F8 Device \Driver\cdrom \Device\CdRom1 86FB91F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8613C1F8 Device \Driver\iaStor \Device\Ide\iaStor0 [8AF08580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 8613C1F8 Device \Driver\atapi \Device\Ide\IdePort1 8613C1F8 Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8AF08580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\PCI_PNP0944 \Device\00000066 spqa.sys Device \Driver\cdrom \Device\CdRom2 86FB91F8 Device \Driver\volmgr \Device\HarddiskVolume4 861391F8 Device \Driver\sptd \Device\793772956 spqa.sys Device \Driver\iScsiPrt \Device\RaidPort0 86FC51F8 Device \Driver\usbuhci \Device\USBFDO-0 86F051F8 Device \Driver\usbuhci \Device\USBFDO-1 86F051F8 Device \Driver\usbehci \Device\USBFDO-2 86F061F8 Device \Driver\usbuhci \Device\USBFDO-3 86F051F8 Device \Driver\usbuhci \Device\USBFDO-4 86F051F8 Device \Driver\usbuhci \Device\USBFDO-5 86F051F8 Device \Driver\usbehci \Device\USBFDO-6 86F061F8 Device \Driver\ari8f48z \Device\Scsi\ari8f48z1Port4Path0Target1Lun0 86FC11F8 Device \Driver\ari8f48z \Device\Scsi\ari8f48z1 86FC11F8 Device \Driver\ari8f48z \Device\Scsi\ari8f48z1Port4Path0Target0Lun0 86FC11F8 Device \FileSystem\cdfs \Cdfs 86CDE500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe2eaba52 Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe2eaba52@0024ef8e5113 0x38 0x42 0x64 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001fe2eaba52@001e45d41295 0xE7 0x62 0x44 0x8D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xF1 0x85 0x53 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x2E 0xDE 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x47 0x94 0x9C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x73 0xD2 0xA4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x16 0xE0 0x0C 0x89 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xF1 0x85 0x53 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x2E 0xDE 0xE3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x47 0x94 0x9C ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x73 0xD2 0xA4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x16 0xE0 0x0C 0x89 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xF1 0x85 0x53 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x2E 0xDE 0xE3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x47 0x94 0x9C ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x73 0xD2 0xA4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x16 0xE0 0x0C 0x89 ... Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001fe2eaba52 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001fe2eaba52@0024ef8e5113 0x38 0x42 0x64 0xE4 ... Reg HKLM\SYSTEM\ControlSet004\Services\BthPort\Parameters\Keys\001fe2eaba52@001e45d41295 0xE7 0x62 0x44 0x8D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xF1 0x85 0x53 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x2E 0xDE 0xE3 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC7 0x47 0x94 0x9C ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0x73 0xD2 0xA4 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x16 0xE0 0x0C 0x89 ... ---- EOF - GMER 1.0.15 ---- |
|
|
||
31.03.2010, 15:18
Member
Themenstarter Beiträge: 12 |
#6
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:34, on 31.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Windows\system32\svchost.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Acer\Empowering Technology\eNet\eNet Service.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxdecoms.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Acer\Mobility Center\MobilityService.exe C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Acer\Empowering Technology\ePower\ePowerSvc.exe C:\Program Files\3DataManager\WTGService.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Secunia\PSI\psi.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\DllHost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Windows\PLFSetI.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Lexmark 4800 Series\lxdemon.exe C:\Program Files\Lexmark 4800 Series\lxdeamon.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Program Files\Spyware Doctor\TFEngine\TFService.exe C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.Exe C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\servicing\TrustedInstaller.exe C:\Users\Paul\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orf.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\coIEPlg.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe" O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [Window Arrangment on Splitted Screen] C:\Program Files\Acer Inc\Acer GridVista\GridVistaULH.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: SETAUDIO.EXE O4 - Global Startup: SETRES.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\coIEPlg.dll O20 - AppInit_DLLs: acaptuser32.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: WTGService - Unknown owner - C:\Program Files\3DataManager\WTGService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 17457 bytes |
|
|
||
31.03.2010, 15:19
Member
Themenstarter Beiträge: 12 |
#7
32 Bit HP CIO Components Installer
3DataManager ABBYY FineReader 6.0 Sprint Acer Arcade Deluxe Acer Crystal Eye Webcam Acer eAudio Management Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer GridVista Acer Mobility Center Plug-In Acer ScreenSaver Acer VCM Adobe Acrobat 9 Pro Extended - English, Français, Deutsch Adobe Acrobat 9 Pro Extended - English, Français, Deutsch Adobe Acrobat 9.2.0 - CPSID_50026 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop Elements 8.0 Adobe Reader 9.2 - Deutsch Adobe Shockwave Player 11.5 AGEIA PhysX v7.09.13 Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour Broadcom Gigabit Integrated Controller Browser Defender 2.0.6.15 Der Schreibtrainer 3.7 DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Web Player Duden Rechtschreibtrainer Glary Utilities Pro 2.16.0.758 Google Talk Plugin Google Updater HDAUDIO Soft Data Fax Modem with SmartCP HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ICQ6.5 Intel® Matrix Storage Manager iTunes Java(TM) 6 Update 17 Junk Mail filter update Launch Manager Lexmark 4800 Series LimeWire PRO 5.3.6 Malwarebytes' Anti-Malware Maxtor Manager Maxtor Manager Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Works MobileMe Control Panel Mozilla Firefox (3.6.2pre) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) neroxml Norton 360 Premier Edition NTI Backup NOW! 4.7 NTI CD & DVD-Maker NVIDIA Drivers OGA Notifier 2.0.0048.0 Picasa 3 PowerProducer QuickTime RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 Safari Secunia PSI Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB978380) Security Update for Microsoft Office Excel 2007 (KB978382) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB969693) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Skype web features Skype™ 4.1 Spelling Dictionaries Support For Adobe Reader 9 Spybot - Search & Destroy Spyware Doctor 7.0 Synaptics Pointing Device Driver TuneUp Utilities Unreal Tournament 3 Update for 2007 Microsoft Office System (KB967642) Update for 2007 Microsoft Office System (KB977724) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office InfoPath 2007 (KB976416) Update for Microsoft Office Word 2007 (KB974561) Update for Outlook 2007 Junk Email Filter (kb979895) Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) VC80CRTRedist - 8.0.50727.4053 Vista Codec Package Visual C++ 8.0 ATL (x86) WinSXS MSM Visual C++ 8.0 CRT (x86) WinSXS MSM VLC media player 0.9.8a VoiceOver Kit Vuze Warcraft III WIDCOMM Bluetooth Software 6.0.1.4900 Winamp Winamp Remote Winbond CIR Drivers Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Fotogalerie Windows Live ID-Anmelde-Assistent Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Writer Windows Live-Uploadtool WinRAR archiver Wolfram Mathematica 7 (M-WIN-L 7.0.1 1213965) Wolfram Notebook Indexer 2.0 Yahoo! Toolbar |
|
|
||
31.03.2010, 15:31
Member
Beiträge: 3716 |
#8
ok, nun combofix.
|
|
|
||
31.03.2010, 15:43
Member
Themenstarter Beiträge: 12 |
#9
Dies ist mit Norton geschehen nachdem der Virus/Trojaner aktiv wurde. Und ich kann es nicht mehr aktivieren, alle wichtigen Funktionen sind deaktiviert! Bei combofix bin ich gerade dabei. Danke einstweilen für deine Hilfe. Edit: Komisch, die Bilder kann man nicht sehen, obwohl ich sie ordnungsgemäß eingebunden habe. Hier die URL: https://cid-49e5187c5d3b557b.skydrive.live.com/self.aspx/.Documents/Norton/Unbenannt-1.jpg https://cid-49e5187c5d3b557b.skydrive.live.com/self.aspx/.Documents/Norton/Unbenannt-3.jpg |
|
|
||
31.03.2010, 16:07
Member
Beiträge: 3716 |
#10
kriegen wir schon hin, immer locker.
|
|
|
||
01.04.2010, 00:52
Member
Themenstarter Beiträge: 12 |
#11
Okay
Hoffe das ist der richtige. ComboFix 10-03-29.04 - Paul 31.03.2010 15:56:26.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3069.1843 [GMT 2:00] ausgeführt von:: c:\users\Paul\Downloads\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Paul\AppData\Roaming\inst.exe c:\windows\system32\ActNAV_cltDynam.dat . ((((((((((((((((((((((( Dateien erstellt von 2010-02-28 bis 2010-03-31 )))))))))))))))))))))))))))))) . 2010-03-31 14:27 . 2010-03-31 14:28 -------- d-----w- c:\users\Paul\AppData\Local\temp 2010-03-31 14:27 . 2010-03-31 14:27 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-03-31 14:27 . 2010-03-31 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-31 13:50 . 2010-02-12 16:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll 2010-03-31 13:50 . 2010-02-01 18:20 165240 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll 2010-03-31 13:34 . 2010-03-31 13:47 -------- d-----w- C:\32788R22FWJFW 2010-03-31 11:04 . 2010-03-31 11:04 93056 ----a-w- C:\ugrdipow.sys 2010-03-31 08:38 . 2010-02-02 08:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys 2010-03-31 08:38 . 2010-02-02 08:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys 2010-03-31 08:38 . 2010-02-02 08:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys 2010-03-31 08:38 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-03-31 08:38 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll 2010-03-31 08:38 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip 2010-03-31 08:38 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-03-31 08:38 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll 2010-03-31 08:38 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip 2010-03-31 08:30 . 2010-03-31 08:30 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-03-31 07:41 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2010-03-31 07:41 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-03-31 07:41 . 2010-03-10 09:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-03-31 07:41 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-03-31 07:41 . 2010-02-05 07:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-03-30 14:27 . 2010-03-31 14:16 -------- d-----w- c:\program files\Spyware Doctor 2010-03-30 14:27 . 2010-03-31 07:41 -------- d-----w- c:\program files\Common Files\PC Tools 2010-03-30 14:27 . 2010-03-30 14:55 -------- d-----w- c:\programdata\PC Tools 2010-03-30 14:27 . 2010-03-30 14:27 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Tools 2010-03-28 15:23 . 2010-02-25 08:13 11776 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll 2010-03-26 14:03 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSvix86.sys 2010-03-26 14:03 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\Scxpx86.dll 2010-03-26 14:03 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSxpx86.dll 2010-03-26 14:03 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys 2010-03-26 14:03 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSXpx86.sys 2010-03-24 08:53 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\Scxpx86.dll 2010-03-24 08:53 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSvix86.sys 2010-03-24 08:53 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSXpx86.sys 2010-03-24 08:53 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSxpx86.dll 2010-03-24 08:53 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSviA64.sys 2010-03-23 20:52 . 2010-03-23 20:52 144053 ----a-w- c:\users\Paul\AppData\Roaming\Move Networks\uninstall.exe 2010-03-16 13:29 . 2010-01-05 14:57 545280 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe 2010-03-16 13:29 . 2010-01-05 14:57 344064 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe 2010-03-16 13:29 . 2010-01-05 14:57 153600 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll 2010-03-16 13:29 . 2010-01-05 14:57 103424 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\libs\pixomatic.dll 2010-03-16 13:29 . 2010-01-05 14:57 57856 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll 2010-03-16 13:29 . 2010-01-05 14:57 4725760 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\libs\cooliris192.dll 2010-03-15 00:07 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll 2010-03-15 00:07 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys 2010-03-15 00:07 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys 2010-03-15 00:07 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll 2010-03-15 00:07 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys 2010-03-13 19:11 . 2010-03-13 19:11 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe 2010-03-10 18:02 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-03-10 18:02 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-03-10 18:02 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-03-08 05:21 . 2010-03-08 05:21 -------- d-----w- c:\programdata\Symantec 2010-03-07 23:36 . 2010-03-07 23:42 -------- d-----w- c:\users\Paul\Incomplete 2010-03-07 21:26 . 2010-03-07 21:23 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-03-07 21:26 . 2010-03-07 21:23 107368 ----a-r- c:\windows\system32\GEARAspi.dll 2010-03-07 21:26 . 2010-03-07 21:23 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys 2010-03-07 21:24 . 2010-03-07 21:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-03-07 21:24 . 2010-03-07 21:37 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-03-07 21:24 . 2010-03-07 21:24 -------- d-----w- c:\program files\Symantec 2010-03-07 21:23 . 2010-03-07 21:23 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2010-03-07 21:23 . 2010-03-07 21:23 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2010-03-07 21:23 . 2010-03-07 21:23 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2010-03-07 21:23 . 2010-03-11 01:08 -------- d-----w- c:\windows\system32\drivers\N360 2010-03-07 21:23 . 2010-03-07 21:23 -------- d-----w- c:\program files\NortonInstaller 2010-03-07 20:56 . 2010-03-07 21:23 -------- d-----w- c:\programdata\NortonInstaller 2010-03-07 18:29 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-03-05 22:00 . 2010-03-05 22:00 -------- d-----w- c:\program files\NortonInstaller(21) . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2055-09-19 06:29 . 2009-09-19 06:00 2012 ----a-w- c:\windows\system32\NAV_75_cltDynam.dat 2010-03-31 13:57 . 2008-01-21 07:15 621952 ----a-w- c:\windows\system32\perfh007.dat 2010-03-31 13:57 . 2008-01-21 07:15 123852 ----a-w- c:\windows\system32\perfc007.dat 2010-03-31 13:49 . 2009-02-25 18:27 12 ----a-w- c:\windows\bthservsdp.dat 2010-03-31 09:52 . 2009-02-22 13:38 124392 ----a-w- c:\users\Paul\AppData\Roaming\nvModes.dat 2010-03-31 09:28 . 2009-10-18 09:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-30 15:40 . 2010-02-12 16:55 -------- d-----w- c:\program files\QuickTime 2010-03-30 15:40 . 2009-11-07 16:19 -------- d-----w- c:\program files\Lexmark 4800 Series 2010-03-30 15:40 . 2009-10-16 21:03 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-03-30 15:40 . 2009-03-09 18:32 -------- d-----w- c:\program files\Glary Utilities 2010-03-30 15:40 . 2009-02-19 17:29 -------- d-----w- c:\program files\Launch Manager 2010-03-30 15:40 . 2009-03-11 18:05 -------- d-----w- c:\users\Paul\AppData\Roaming\vlc 2010-03-30 15:40 . 2009-02-21 22:45 -------- d-----w- c:\users\Paul\AppData\Roaming\Azureus 2010-03-30 15:25 . 2009-02-23 21:10 -------- d-----w- c:\programdata\Google Updater 2010-03-29 22:46 . 2009-10-18 09:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 22:45 . 2009-10-18 09:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-28 02:53 . 2010-02-08 00:39 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-03-28 02:52 . 2009-12-16 12:47 -------- d-----w- c:\program files\Warcraft III 2010-03-24 11:33 . 2009-04-27 18:56 -------- d-----w- c:\users\Paul\AppData\Roaming\ICQ 2010-03-24 08:59 . 2009-02-24 21:34 -------- d-----w- c:\users\Paul\AppData\Roaming\dvdcss 2010-03-23 20:52 . 2009-08-17 19:45 -------- d-----w- c:\users\Paul\AppData\Roaming\Move Networks 2010-03-23 20:52 . 2010-02-11 19:31 5640640 ----a-w- c:\users\Paul\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll 2010-03-13 19:15 . 2010-02-11 20:03 -------- d-----w- c:\program files\Safari 2010-03-11 01:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-10 18:07 . 2008-03-25 14:26 -------- d-----w- c:\programdata\Microsoft Help 2010-03-09 16:13 . 2009-02-23 19:48 -------- d-----w- c:\programdata\Lx_cats 2010-03-09 15:35 . 2010-03-09 15:35 800792 ----a-w- c:\programdata\SPLBE4E.tmp 2010-03-09 14:09 . 2009-02-21 21:34 -------- d-----w- c:\users\Paul\AppData\Roaming\LimeWire 2010-03-07 21:29 . 2009-11-21 12:02 -------- d---a-w- c:\programdata\Norton 2010-03-07 21:24 . 2010-03-07 21:24 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-03-07 21:24 . 2010-03-07 21:24 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-03-07 21:23 . 2010-01-22 15:24 -------- d-----w- c:\program files\Norton 360 Premier Edition 2010-03-05 22:00 . 2009-11-10 22:39 -------- d-----w- c:\program files\Norton Internet Security 2010-02-24 14:23 . 2009-02-19 17:28 163008 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 08:16 . 2009-10-05 19:53 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 23:18 . 2009-02-17 13:58 319456 ----a-w- c:\windows\DIFxAPI.dll 2010-02-23 06:39 . 2010-03-31 09:32 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-31 09:32 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 06:33 . 2010-03-31 09:32 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 04:55 . 2010-03-31 09:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-20 18:07 . 2008-03-25 14:28 -------- d-----w- c:\program files\Microsoft Works 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-18 00:03 . 2010-02-18 00:03 739216 ----a-w- c:\programdata\SPLB5D9.tmp 2010-02-17 23:54 . 2010-02-17 23:54 734444 ----a-w- c:\programdata\SPL878E.tmp 2010-02-17 21:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild 2010-02-17 21:01 . 2010-02-17 21:01 -------- d-----w- c:\program files\Microsoft.NET 2010-02-17 20:57 . 2010-02-17 20:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-02-12 21:34 . 2009-11-18 22:05 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype 2010-02-12 20:10 . 2009-11-18 22:11 -------- d-----w- c:\users\Paul\AppData\Roaming\skypePM 2010-02-12 00:37 . 2009-02-22 09:31 -------- d-----w- c:\users\Paul\AppData\Roaming\Apple Computer 2010-02-11 20:20 . 2010-02-11 20:08 -------- d-----w- c:\program files\iTunes 2010-02-11 20:20 . 2009-02-22 10:17 680 ----a-w- c:\users\Paul\AppData\Local\d3d9caps.dat 2010-02-11 20:08 . 2010-02-11 20:08 -------- d-----w- c:\program files\iPod 2010-02-11 20:08 . 2009-02-22 09:28 -------- d-----w- c:\program files\Common Files\Apple 2010-02-11 20:04 . 2010-02-11 20:04 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-11 20:01 . 2010-02-11 20:01 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe 2010-02-06 17:50 . 2009-04-27 18:55 -------- d-----w- c:\program files\ICQ6.5 2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll 2010-01-25 12:00 . 2010-02-24 08:11 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 08:11 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 08:11 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 08:11 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 08:11 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 08:11 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 08:11 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 08:11 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-25 08:21 . 2010-02-24 08:11 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-23 09:26 . 2010-02-24 08:12 2048 ----a-w- c:\windows\system32\tzres.dll 2010-01-06 15:39 . 2010-02-24 08:11 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-01-06 15:38 . 2010-02-24 08:11 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-01-06 15:38 . 2010-02-24 08:11 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-01-06 15:38 . 2010-02-24 08:11 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-01-06 15:38 . 2010-02-24 08:11 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-01-06 15:38 . 2010-02-24 08:11 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2010-01-06 13:30 . 2010-02-24 08:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Window Arrangment on Splitted Screen"="c:\program files\Acer Inc\Acer GridVista\GridVistaULH.exe" [2008-03-05 387592] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600] "lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608] c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336] SETAUDIO.EXE [2008-4-4 20480] SETRES.EXE [2008-4-4 20480] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck turegopt [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-03-29 22:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter "Google Update"="c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c "AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" "WinampAgent"="c:\program files\Winamp\winampa.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):f8,1c,35,9d,60,e6,c9,01 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-27 721904] R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-03-07 102448] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-07 310320] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 51984] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 59664] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-07 259632] S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-07 482432] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100326.001\IDSvix86.sys [2009-10-28 343088] S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe [2007-05-29 598960] S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-03-07 117640] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256] S2 WTGService;WTGService;c:\program files\3DataManager\WTGService.exe [2008-10-21 267720] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-02-05 70408] S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-07 48688] S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 33552] S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - PCTSDInjDriver32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll . Inhalt des "geplante Tasks" Ordners 2010-03-31 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-03-09 17:27] 2010-03-31 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 20:18] 2010-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67386191-2426360508-2556992975-1000Core.job - c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 22:41] 2010-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67386191-2426360508-2556992975-1000UA.job - c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 22:41] 2010-03-31 c:\windows\Tasks\User_Feed_Synchronization-{153A8F6C-A7A6-4B92-9CA4-2BB3567614F2}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.orf.at/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.orf.at FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll FF - component: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\Paul\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\users\Paul\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4rs4scsv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-31 16:28 Windows 6.0.6002 Service Pack 2 NTFS detected NTDLL code modification: ZwClose Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-67386191-2426360508-2556992975-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:4e,9b,c2,2d,b5,ea,56,2a,cd,08,6d,31,aa,55,40,7d,de,28,0e,06,1d, c2,a0,85,58,73,c9,92,30,25,a5,19,24,90,04,ec,30,c9,0c,bc,9c,e9,39,f4,a2,cb,\ "rkeysecu"=hex:aa,48,7a,6f,e1,c6,da,07,36,b8,76,1f,69,ec,b5,14 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000000a [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1076) c:\program files\Spyware Doctor\TFEngine\TFWAH.dll - - - - - - - > 'lsass.exe'(656) c:\program files\Spyware Doctor\TFEngine\TFWAH.dll . Zeit der Fertigstellung: 2010-03-31 16:44:08 ComboFix-quarantined-files.txt 2010-03-31 14:43 Vor Suchlauf: 11 Verzeichnis(se), 27.486.109.696 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 27.459.543.040 Bytes frei Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - FF773806A5E60AC83E69ED8FF0CE4AC0 |
|
|
||
01.04.2010, 12:39
Member
Beiträge: 3716 |
#12
nutze norman tdss cleaner:
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/125180-rootkit-tdss-entfernen-norman-tdss-cleaner.html je nach dem ob das programm neustartet, werden 1 oder 2 logs ersellt, poste diese |
|
|
||
ich hab keine Ahnung wie, aber ich hab mir vor kurzem unglücklicherweise diesen Trojaner eingefangen ->http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-111113-1112-99
Das Problem ist dass ich ihn mit Norton 360 nicht entfernen kann, das Programm schreibt ich soll ihn manuell entfernen, nur wie?
In anderen Foren wurde mir schon geraten den PC neu aufzusetzen weil ich diesen Trojaner nicht mehr wegbekommen würde. Entspricht das der Wahrheit?
Ich wollte euch nochmal um Hilfe bitten, da ihr wirklich äußerst kompetent seid.
Vielen vielen Dank im Voraus.